arXiv:1508.07478vl [quant-ph] 29 Aug 2015 


On the Security of Two Blind Quantum Computations 


Shih-Min Hung and Tzonelih Hwang* 
September 1, 2015 


Abstract 

Blind quantum computation (BQC) protocol allows a client having partial quantum ability to delegate 
his quantum computation to a remote quantum server without leaking any information about the input, 
the output and the intended computation to the server. Several BQC protocols have been proposed, 
e.g., Li et al. in [1] proposed a triple-server BQC protocol and Xu et al. in [2] proposed a single-server 
BQC protocol. Though both papers claimed that their protocols can satisfy the requirement of privacy, 
this paper points out a security loophole in their protocols. With that the server can reveal the private 
information of the client. 
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1 Introduction 

Blind quantum computation (BQC) is one of the most important research topics in quantum cryptography 
that enables a client to delegate a quantum computation to a quantum server without revealing any infor¬ 
mation about the input, the output and the intended computation to the server. Since Childs [3] proposed 
the first BQC protocol in 2005, a variety of BQC protocols have been proposed [4-8]. 

In 2009, Broadbent et al. [5] presented the first universal single-server BQC protocol, and also proposed 
a double-server BQC protocol modified from the single-server BQC protocol. In the double-server BQC 
protocol, the client can be completely classical if both servers (Bobl and Bob2) pre-share entangled states 
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and do not communicate with each other. Recently, Li et al. [1] claimed that the restrictions of non¬ 
communicating servers and pre-sharing of entangled states between both servers can be removed if one 
more server is introduced. Hence, they proposed a triple-server BQC protocol based on the technique of 
entanglement swapping. In their protocol, three servers can communicate with one another and the client 
can be almost classical, i.e., only with the capability of receiving and sending qubits. Nevertheless, Xu et al. 
[2] later indicated that it is unnecessary for the client to communicate with three servers, and hence proposed 
a single-server BQC protocol. 

However, this paper will point out a loophole in both Li et al. and Xu et al.’s protocols. With this 
loophole, the server is able to reveal the private information, such are the input, the output and the intended 
computation, which the client does not want the server to know. In this paper, we will use Xu et al.’s 
single-server BQC protocol as an example to describe the loophole and the attack. 

The rest of this article is organized as follows. Section 2 reviews Xu et al.’s single-server BQC protocol. 
Section 3 describes the attack on Xu et al.’s protocols. Finally, a concluding remark is given in Section 4. 

2 Review Xu et al.’s single-server BQC protocol 

Suppose that a client Alice with limited quantum capability wants to delegate a quantum problem to a quan¬ 
tum server Bob without revealing any information about the input, the output and the intended computation 
with the help of a trusted center, Charlie, who helps them to generate the m-qubit graph states. Xu et al.’s 
single-server protocol proceeds as follows. 

Stepl. Charlie generates 4m Bell pairs jf/jo.o (Hfc, A^)) = (|00) -I- |11)) (k = 1,2, ...,4m) and distributes 

the particles Bk of all Bell pairs to Bob, the other particles Ak to Alice. 

Step2. Alice randomly selects 2m particles ...A^^ and Aj^, Aj^, where 1 < Si < 2m <ti < 

4m, i S {1, 2,..., m} from Ak and sends them to Bob. She discards the others. 

Step 3. After Bob receives these 2m particles form Alice, he implements Bell measurement on {As^ , At.) 
and transmits the measurement outcome of V’z'.x' (Asi,AtJ^ to Alice, where € {0,1}^ and 

i e {l,2,...,m}. 
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Step 4. By the measurement outcome of 

combined state of the corresponding particles and Bt 
are the particles that Bob gets from Charlie. 


V'z'.a:' the entanglement swapping, Alice gets the 

(Bsi.Bt,)^ {i = 1,2, which 


Step 5. Alice sends 2m classical message 


dk + ZkT^ !• to Bob, where {OsiY^i randomly 

J k—1 


{Ok = (- 1 ) 

selected from S = {fc7r/4|fc = 0,1, ...,7} and depend on in Step 4. The 

other 9k and {zk,Xk) are selected randomly. 

, 2m 


step 6. Bob measures his hrst 2m particles in the basis 
to Alice. 


{ - 'I 

^Ok \ 

J fc=l 


and sends the measurement results 


Step 7. Upon receiving {bk}‘k^i form Bob, Alice keeps and discards the others and subsequently 

sends the classical information to Bob. Bob keeps the particles {Bt^}^l and labels them as 

{Si}™ 1 in order. Hence, Bob has the m qubit graph state ^ \6si + bgiTr). 


Step 8. Since Bob has the m qubit graph state ^ \9s^ + bg^Tr) and only Alice knows the values of 6g^ and 
bs^, Alice can run Broadbent et al.’s single-server BQC protocol to delegate the quantum problem to 
Bob. 


In Xu et al.’s protocol, Alice only has to receive the photons and resend it to Bob, whereas in the original 
Broadbent et al.’s protocol, Alice has to generate single photon and rotate it. It seems that the client in Xu 
et al.’s protocol requires less quantum ability than in Broadbent et al.’s protocol. However, in the following, 
we shall point out that Xu et al.’s protocol is not as secure as it claimed to be. 


3 Server’s attack on Xu et al.’s BQC protocol 

In this section, we show that the server (Bob) can obtain the secret information of the client (Alice) without 
being detected in Xu et al.’s BQC protocol. 

As we know, in Broadbent et al.’s single-server BQC protocol, the security of the private information is 
based on \9i) = 10) -|- |1) (i = l,2,...,m), where only Alice knows the 9 of each particle. Hence, Bob cannot 
disclose the input, the output and the intended computation without knowing 9. Similarly, the security of the 
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private information in Xu et al.’s BQC protocol is also based on \9i) = |0) + |1) (i = 1, 2,m). In their 

protocol, Xu et al. claimed that no one except Alice knows the positions ( {si}™ and {ti}™ ^ )• 
cannot calculate without having and . It also means that the input, the output and the intended computation 
will not be revealed. 

However, in this article, we will point out two ways for Bob to obtain {siYlLi s-iid {ti}™ in Xu et al.’s 
BQC protocol. The first attack is an eavesdropping attack. Inside the protocol, because Alice does not have 
quantum memory, Charlie has to send the particles to Alice one by one. When Alice receives a particle, she 
has to decide to resend it or discard it at that time. If Bob eavesdrops the quantum channel between Alice 
and Charlie, then Bob will know the positions ( {si}^^ and ) Alice selected to resend. 

For example, when Charlie sends the first particle to Alice, if Alice resends it to Bob, Bob will get that 
particle at that time and he will know that Alice resends it; otherwise, if Alice discards it. Bob will not get 
any particle at that time and he will know that Alice discards it. 

The second attack is a Trojan horse attack [9-11]. Since the quantum bits are transmitted twice in these 
protocols, Bob can insert invisible photons or delay photons to the photons sent from Charlie to Alice. Then, 
Bob can measure the invisible photons or delay photons sent from Alice to Bob and obtain the positions 
( ). In these two attacks. Bob can get the secret easily and then 

calculate the input, the output and the intended computation. These problems also can be found in Li et 
al.’s BQC protocol. 

4 Conclusions 

We have shown that Xu et al.’s BQC protocol scheme is not secure against server’s attack. A server can 
obtain client’s information without being detected. The same attack can also be successful in Li et al.’s 
BQC. The Trojan horse attack can be easily prevented by device. However, the eavesdropping attack be an 
interesting future research. 
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